Can't ping tunnel default gateway

Unanswered Question
Dec 17th, 2007

I set up an ezvpn server on a 2811 (12.4) but can't ping the router's default gateway when tunneled to it. Everything else seems to be working correctly. In Windows, ipconfig shows the default gateway is the same as my pool address, which I thought was the issue, but from reading other posts, that appears to be correct? So why doesn't the tunnel use the 2811's default gateway? Also, I started with the local pool in the same network as fa0/0, then changed it. That didn't help.

All AAA is local...

crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2

crypto isakmp client configuration group jailbreak
 key xxxxxxxx
 dns xxxxxxxx
 pool client_pool_1
 max-users 2

crypto isakmp profile ike-profile-1
 match identity group jailbreak
 client authentication list vpn_xauth
 isakmp authorization list vpn_group
 client configuration address respond
 keepalive 30 retry 5
 virtual-template 1

crypto ipsec transform-set AES_256 esp-aes 256 esp-sha-hmac

crypto ipsec profile IPSec_Profile1
 set security-association idle-time 3600
 set transform-set AES_256
 set isakmp-profile ike-profile-1

interface FastEthernet0/0
 description To lab-gw
 ip address x.x.159.210
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 no mop enabled

interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet0/0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSec_Profile1

ip local pool client_pool_1 x.x.159.213 x.x.159.214

ip route x.x.159.209

Thank you for the help,

jpodolanko Tue, 12/18/2007 - 15:28

I'm having the exact same issue with this new "Enhanced VPN Server". Only difference is I mapped my Virtual-Template interface to a loopback interface (for inside NAT) which acts as my default gateway for any VPN connection. My SSLVPN works just fine however, but Remote Access just won't play nice. I've posted a separate message myself and I've attached my config to that message. Maybe something in my config can help you??? Just a thought...

mgallagher44 Wed, 12/19/2007 - 11:24

I thought I read somewhere that your pool shouldn't be in the same network as your interface address, not positive though. It might be worth a shot to change that. Other than that, nothing stood out.

jpodolanko Wed, 12/19/2007 - 13:23

I tried a different IP address on the Loopback interface and lost all SSLVPN connectivity. I could not establish a tunnel. I would think you NEED an IP Address in the same network as the pool to act as the default gateway for the VPN.
